Future of Stateless Linux

I was reading the Stateless Linux tutorial last night. I have a few
questions regarding some issues and how the project will tackle them, if
at all.
I haven't actually tried the software yet, but at work we're having a
new cluster shipped today and this means I have an official excuse to
play with stuff later this week. My perspective focuses mostly on the
needs of clusters and similar setups (blade servers, etc.). I understand
that, at least initially, the project will mainly target desktop
clients. I also understand that we're still in the early stages.
On to the issues.
1) IP addresses
There are several sides to this. The basic premise is that some might
prefer static IP addresses and names for boxes. If I have, say, 30
blades, I would like the blade with the sticker "20" on it to actually
be called "node020". And the one next to it to be called "node021". The
tutorial simply avoids the issue, showing how to set up a DHCP setup
with 100% dynamic IPs. You could consider this issue orthogonal to
serving images and root filesystems, but I think an integrated approach
is preferrable.
The obvious solution here is to resort to Ethernet MAC addresses.
Section 5 (Setting up diskless clients) "solves" the issue by just
saying "Determine the MAC address of the client(s)". That's not as
automated as one would wish and, more importantly, still doesn't take
care of IP addresses and names - it just changes the PXE boot image for
that MAC address. My question here is: are there any plans to tackle
this?
There is an approach that I have used in the past. It worked for me, but
it might need to be made more flexible and robust, to support all the
scenarios that Stateless Linux hopes to enable.
You need, of course, to have a list of MAC addresses. Even better,
several lists of MAC addresses - e.g. for several groups/profiles. You
can enter them manually or, if you're lazy enough, you'll want the
clients and the server to register them automatically.
I do this at the time that the kickstart file is served (I don't serve
images yet, but the idea is the same). A simple CGI script looks at the
IP at the remote end, retrieves the MAC address using ARP and appends it
to the list of addresses for that group. This is the common case, where
you add hosts sequentially by booting them in order, one by one. Of
course you can edit the MAC address lists manually if a NIC needs e.g.
to be replaced.
Another script takes care of creating new configuration files for DHCPD
and BIND, starting from the lists of MAC addresses and some parameters
associated to them. E.g., you'll want to specify that Group 1 lives in
the 10.23.45.0/24 subnet and its symbolic names follow the format string
"desktop%03d". You can even tell dhcpd to add/update entries without
restarting the process, using OMAPI - it's a bit funky, but it can be
made to work in a reliable manner.
A consequence of this is that you can now assign "unregistered" hosts to
a special address range, if you need it. A malicious system can still
spoof another MAC address, but you can at least deal with the more
common case of a system that is misconfigured or was never configured.
Or a Windows system.
2) Live updates
With the current design and implementation, updates happen only at a
snapshot level. There's no support for live updates that do not require
a reboot. I am not sure if this is set in stone, but I can understand
the rationale behind it. It makes sense for desktop systems, but a bit
less for servers.
Is there an answer to the inevitable question, "how do we minimise the
downtime associated with switching to a new image?"? One could imagine
using kexec:
http://www-106.ibm.com/developerworks/linux/library/l-kexec.html
Or, if the kernel doesn't change between images, one could envision a
hack that does the equivalent of going to single-user mode and switching
the root filesystem - unless there's some gotcha that makes it
impossible. The fact that / is already read-only should help, I guess.
3) USB drives
This is a minor issue, but I think it's worth starting to address.
Floppies are dead - the sheer size of the 2.6 kernel makes them unfit
for the purpose - and maybe CDs should be next. USB flash drives are
faster, handier, do not necessitate the extra step of creating an ISO
image and do not require a drive that consumes precious space and power
(well, you could use an USB CD drive, if you're that masochistic).
If tools are going to be developed to create caching client boostrap
images and "live" images, it might be worth considering support for
USB/Firewire drives from the start. It should be a subset of the CD
case, since you are avoiding the creation of an ISO image.
This is all for now.
--
Rudi